The Advanced Threat Research team performs vulnerability research to help Intel Security lead the way in developing secure technology.

Advanced Threat Research

Increasingly, people around the world depend on technology for their daily activities. Making this technology trustworthy involves a deep understanding of how attacks work. By researching security vulnerabilities, the Advanced Threat Research (ATR) team in Intel Security discovers opportunities to drive toward more secure technology.

Coordination and Disclosure Process

Last updated: 2016-04-12

In order to drive more secure technology, we need to deeply understand how attacks work. The Advanced Threat Research team does exactly this. When we discover vulnerabilities, we seek to spread the understanding and drive mitigations through coordination with other stakeholders and a coordinated disclosure process. We have worked closely with various industry groups that receive such reports and understand that this can be complicated. Consistent with what Intel asks regarding vulnerability handling, this document outlines what you can expect from ATR's coordination and disclosure.

Our initial communications will usually be private and directed toward those who can develop and deploy effective mitigations. This communication includes some key items:

Disclosure Plan - This outlines our proposed timeline for public disclosure. While each issue merits its own consideration, we usually propose approximately 3 to 6 months, depending on complexities such as multi-party alignment or update infrastructure.

Vulnerability Description - This is where we explain the technical details of the issue(s).

Potential Mitigation Options - While we are not aware of all the considerations necessary to completely address issues in non-Intel products, we try to help by offering some options that could mitigate the issue.

We will attempt to work with reasonable requests to adjust the disclosure timeline. In cases of active exploitation or other threats, however, more rapid disclosure may be needed.

Follow Up

After reaching out to those who are in the best position to mitigate the issue, we will continue to follow up on any discussion. We may check in to see how things are going or review materials to be published according to the disclosure plan.

Public Disclosure

When coordination is complete and the time for public disclosure has arrived, ATR will strive to provide clear technical details with the intent to educate. This will include information about the issues as well as detection and mitigation options that we believe to be available. In doing so, we hope to avoid exaggeration while improving the understanding required to drive more secure technology.